
I need major help please. HJT included

Discussion in 'Malware and Virus Removal Archive' started by dirtydog43, 2006/12/08.

  1. 2006/12/08
    dirtydog43

    dirtydog43 Inactive Thread Starter

    I can't access a lot of programs on my computer. Some of those programs are Internet Explorer, WMP, most of MS Office, control panel, Spybot, Ad-Aware, Spyware Blaster, to name a few. Please help.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:37:29 PM, on 08/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TEMP\winumlgkk¬.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Gary\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128033660437
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h20179.www2.hp.com/psgna/caller/SysQuery.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\WINDOWS\TEMP\winumlgkk¬.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  2. 2006/12/08
    TeMerc

    TeMerc Inactive Alumni

    Hi dirtydog43.

    Looks like this could be a new variant of HackerDefender. Let's run a batch tool to see if it picks up any of the tell-tale signs.


    Please launch Notepad (Start > Run, type in: notepad)
    Copy/paste all the text below in the code box to it:
    Code:
    @echo off
    echo CHECKING FOR SDBOT CHANGES....PLEASE WAIT..........................

    rem Start from a clean report and remove any temp exports left from an earlier run.
    if exist C:\Report.txt del /q C:\Report.txt
    if exist check*.txt del /q check*.txt
    echo.>>C:\Report.txt
    rem Policy keys: these do not exist on a stand-alone XP box, so anything exported here is of interest.
    regedit /e check1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
    if exist check1.txt find /v "Windows Registry Editor Version 5.00" < check1.txt >> C:\Report.txt
    regedit /e check2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile"
    if exist check2.txt find /v "Windows Registry Editor Version 5.00" < check2.txt >> C:\Report.txt
    regedit /e check3.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    if exist check3.txt find /v "Windows Registry Editor Version 5.00" < check3.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    rem For each remaining key: export it, echo the key header, then keep only the values of interest.
    regedit /e check4.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >> C:\Report.txt
    find "restrictanonymous" < check4.txt | find /v "restrictanonymoussam" >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check5.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole"
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] >> C:\Report.txt
    find "EnableDCOM" < check5.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check6.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >> C:\Report.txt
    find "Notify" < check6.txt >> C:\Report.txt
    find "Override" < check6.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check7.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr"
    if exist check7.txt echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]>> C:\Report.txt
    if exist check7.txt find "Start" < check7.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check8.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc"
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] >>C:\Report.txt
    find "Start" < check8.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check9.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry"
    if exist check9.txt echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> C:\Report.txt
    if exist check9.txt find "Start" < check9.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check10.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] >>C:\Report.txt
    find "WaitToKillServiceTimeout" < check10.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check11.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>C:\Report.txt
    find "AutoShare" < check11.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    regedit /e check12.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters"
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters] >>C:\Report.txt
    find "AutoShare" < check12.txt >> C:\Report.txt
    echo.>>C:\Report.txt
    rem Remove the temp exports and open the finished report.
    del /q check*.txt

    notepad C:\Report.txt
    In Notepad, go to File (upper menu bar), and select: Save as
    In the Save as prompt:
    Save in: Desktop
    File Name: SDCheck.bat
    Save as Type: All files
    Click: Save
    Exit out of Notepad.

    Next, on the Desktop, double click on SDCheck.bat and let it run. Post the results back here for me to view.
     


  4. 2006/12/08
    dirtydog43

    dirtydog43 Inactive Thread Starter

    A DOS screen flashes for a second then goes away.
     
  5. 2006/12/08
    TeMerc

    TeMerc Inactive Alumni

    My bad, the file is located on your C drive, named 'report.txt', I should have told you where it was. Apologies.
     
  6. 2006/12/09
    dirtydog43

    dirtydog43 Inactive Thread Starter

    This is all that was in report.txt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
     
  7. 2006/12/09
    TeMerc

    TeMerc Inactive Alumni

    That's odd, the resultant file I get is much larger. I need to have someone look at this to see what could be wrong.

    Thanks for being patient.
     
  8. 2006/12/09
    Bmoore1129

    Bmoore1129 Geek Member

    This is what I get: when I run the batch file, a cmd window opens and stays open along with the "Report.txt" file. They both go away when closing the Report.txt file.



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "restrictanonymous"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    "EnableDCOM"="Y"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
    "Start"=dword:00000004

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "Start"=dword:00000004

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
    "Start"=dword:00000004

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
    "WaitToKillServiceTimeout"="20000"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
     
    Last edited: 2006/12/09
  9. 2006/12/09
    TeMerc

    TeMerc Inactive Alumni

    Yup, that's what I get too.

    Thanks Bill
     
  10. 2006/12/09
    dirtydog43

    dirtydog43 Inactive Thread Starter

    I also forgot to mention that a few days ago I did run AVG Anti-Spyware in safe mode. I did quarantine/clean all as opposed to no action taken like it says.

    C:\Documents and Settings\Gary\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : No action taken.
    C:\Documents and Settings\Gary\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : No action taken.
    C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\EFE1G103\asmfiles[1].cab/asm.exe -> Adware.Altnet : No action taken.
    C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\EFE1G103\asmfiles[1].cab/asmps.dll -> Adware.Altnet : No action taken.
    C:\Program Files\Altnet -> Adware.Altnet : No action taken.
    C:\Program Files\Altnet\Download Manager -> Adware.Altnet : No action taken.
    C:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : No action taken.
    C:\Program Files\Altnet\Download Manager\asmps.dll -> Adware.Altnet : No action taken.
    C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : No action taken.
    C:\System Volume Information\_restore{8CE743C7-D864-422C-8680-4122569E6450}\RP333\A0067130.exe -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet\ADM -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet\TopSearch -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : No action taken.
    C:\WINDOWS\system32\AdCache -> Adware.Cydoor : No action taken.
    C:\WINDOWS\system32\P2P Networking v126.cpl -> Adware.P2PNet : No action taken.
    C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x0604868124aa28653d7957c999576c60.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x8f9aae4c0d3adb98b9c3dbed5d26a54a.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0xa8e128990071525956394c3c6d5de179.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0xd2abff26033f6944cfd18b722e955e43.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-123.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2442111491.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1005-1020048.sig -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\system32\P2P Networking\P2P Networking.exe -> Adware.P2PNetworking : No action taken.
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : No action taken.
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : No action taken.
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : No action taken.
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : No action taken.
    C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : No action taken.
    C:\!KillBox\ruytx.dll -> Adware.PurityScan : No action taken.
     
  11. 2006/12/09
    dirtydog43

    dirtydog43 Inactive Thread Starter

    C:\!KillBox\win11981.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win12142.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win16845.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win18892.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win22017.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win23735.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win23906.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win27738.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win29423.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win30856.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win3265.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win35581.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win35611.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win41413.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win48284.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win54750.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win61197.dll -> Proxy.Agent.dd : No action taken.
    C:\!KillBox\win8350.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win10938.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win11360.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win11943.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win12030.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win12794.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win12929.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win13574.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win14501.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win14938.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win15188.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win15795.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win16782.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win17160.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win18204.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win20965.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win22346.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win23281.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win23298.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win23338.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win28994.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win29202.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win30236.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win31676.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win31723.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win32027.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win33349.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win3345.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win33890.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win33965.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win34626.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win36884.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win37950.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win38073.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win39429.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win41725.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win42635.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win42720.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win43229.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win43233.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win45796.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win47658.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win4773.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win49746.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win51024.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win51040.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win51424.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win53056.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win53085.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win54544.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win54577.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win60704.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win62047.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win62949.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win63119.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win64002.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win64733.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win7713.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win7757.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win8425.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win9191.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win9712.dll -> Proxy.Agent.dd : No action taken.
    C:\WINDOWS\system32\win10798.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win11471.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win11517.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win11730.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win12063.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win12079.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win12563.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win12829.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win13342.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win14473.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win14571.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win15063.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win16002.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win17359.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win1856.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win1947.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win20701.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win23127.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win237.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win24512.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win24984.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win2514.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win25428.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win25848.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win2648.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win26520.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win2675.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win26768.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win27366.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win27379.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win30056.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win33431.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win33467.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win34.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win35989.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win36147.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win37212.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win38333.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win39004.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win41481.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win42993.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win4416.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win47279.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win47401.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win47796.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win48319.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win48632.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win49191.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win497.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win50197.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win51212.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win51847.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win53595.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win54194.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win54809.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win54910.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win55441.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win55884.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win55917.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win57865.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win59298.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win59912.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win60136.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win60930.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win60977.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win61115.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win61318.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win61738.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win62734.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win63713.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win64083.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win64472.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win6666.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win7798.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win8110.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win9048.dll -> Proxy.Agent.ll : No action taken.
    C:\WINDOWS\system32\win9751.dll -> Proxy.Agent.ll : No action taken.
    C:\!KillBox\wnsapisv.exe -> Trojan.Small : No action taken.
    C:\WINDOWS\R2FyeQ\lZIVyk.vbs -> Trojan.Small : No action taken.


    Hope I didn't include what wasn't needed
     
  12. 2006/12/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, well let's just run another find tool, then get another HJT logfile.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Then run HJT and post both logs.
     
  13. 2006/12/09
    dirtydog43

    dirtydog43 Inactive Thread Starter

    Joined:
    2006/03/19
    Messages:
    66
    Likes Received:
    0
    OK,

    I ran SDCheck.bat in safe mode and got these results:



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "restrictanonymous"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    "EnableDCOM"="Y"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "Start"=""


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
    "WaitToKillServiceTimeout"="20000"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]

    Now while I was in Safe Mode, I was able to get into Control Panel and I opened Add/Remove Programs and I removed Bear Share, Kazaa Lite Revolution, and the BullGuard anti-spyware thing.

    Now when I boot in regular windows, everything seems to be back to normal. All the desktop items that had no images for icons are back to normal, I can get into Control Panel again, and I can run SDCheck.bat and I get the same report as I did in safe mode.


    Should I still run Combofix?

    Thanks
     
  14. 2006/12/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, the log appears to not indicate the infection I originally thought of.

    But yes, please run ComboFix and then HJT, and post both back here for me. I'll be away for a portion of the evening with no access to my 'tools' but will be able to pop in and look quickly and may provide some additional instruction.
     
  15. 2006/12/09
    dirtydog43

    dirtydog43 Inactive Thread Starter

    Joined:
    2006/03/19
    Messages:
    66
    Likes Received:
    0
    Gary - 06-12-09 19:19:40.62 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\My Antispyware"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\CURITY~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\ICROSO~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1\arpa.exe
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1\W?nSxS
    C:\QooBox\Purity\Program Files\Common Files\FNTS~1
    C:\QooBox\Purity\WINDOWS\MCROSO~1
    C:\QooBox\Purity\WINDOWS\YMANTE~1
    C:\QooBox\Purity\WINDOWS\system32\CURITY~1
    C:\QooBox\Purity\WINDOWS\system32\FNTS~1
    C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
    C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
    C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
    C:\QooBox\Purity\WINDOWS\system32\SKS~1
    C:\QooBox\Purity\WINDOWS\system32\STEM32~1
    C:\QooBox\Purity\WINDOWS\system32\STEM~1
    C:\QooBox\Purity\WINDOWS\system32\WNSXS~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))


    2006-12-09 18:11 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
    2006-12-09 18:11 24 --a------ C:\WINDOWS\system32\pavdr_actions.sys
    2006-12-09 18:11 212 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
    2006-12-09 16:12 466,944 --a------ C:\WINDOWS\system32\win18110.dll
    2006-12-09 16:09 23,552 --a------ C:\WINDOWS\system32\wmimgr32.dll
    2006-12-09 12:02 466,944 --a------ C:\WINDOWS\system32\win33810.dll
    2006-12-09 08:05 466,944 --a------ C:\WINDOWS\system32\win48372.dll
    2006-12-09 04:03 466,944 --a------ C:\WINDOWS\system32\win59645.dll
    2006-12-09 00:01 466,944 --a------ C:\WINDOWS\system32\win31461.dll
    2006-12-08 16:01 466,944 --a------ C:\WINDOWS\system32\win10698.dll
    2006-12-08 12:05 466,944 --a------ C:\WINDOWS\system32\win27776.dll
    2006-12-08 08:03 466,944 --a------ C:\WINDOWS\system32\win1654.dll
    2006-12-08 04:01 466,944 --a------ C:\WINDOWS\system32\win43005.dll
    2006-12-08 00:04 466,944 --a------ C:\WINDOWS\system32\win62458.dll
    2006-12-07 20:03 466,944 --a------ C:\WINDOWS\system32\win42086.dll
    2006-12-07 16:01 466,944 --a------ C:\WINDOWS\system32\win22370.dll
    2006-12-07 12:04 466,944 --a------ C:\WINDOWS\system32\win40260.dll
    2006-12-07 08:02 466,944 --a------ C:\WINDOWS\system32\win19106.dll
    2006-12-07 04:01 466,944 --a------ C:\WINDOWS\system32\win58114.dll
    2006-12-07 00:04 466,944 --a------ C:\WINDOWS\system32\win15359.dll
    2006-12-06 20:02 466,944 --a------ C:\WINDOWS\system32\win56663.dll
    2006-12-06 16:00 466,944 --a------ C:\WINDOWS\system32\win35494.dll
    2006-12-06 12:04 466,944 --a------ C:\WINDOWS\system32\win54931.dll
    2006-12-06 08:02 466,944 --a------ C:\WINDOWS\system32\win31247.dll
    2006-12-06 04:00 466,944 --a------ C:\WINDOWS\system32\win10140.dll
    2006-12-06 00:04 466,944 --a------ C:\WINDOWS\system32\win36546.dll
    2006-12-05 20:02 466,944 --a------ C:\WINDOWS\system32\win17564.dll
    2006-12-05 16:00 466,944 --a------ C:\WINDOWS\system32\win58525.dll
    2006-12-05 12:03 466,944 --a------ C:\WINDOWS\system32\win10957.dll
    2006-12-05 08:02 466,944 --a------ C:\WINDOWS\system32\win53699.dll
    2006-12-05 00:03 466,944 --a------ C:\WINDOWS\system32\win52749.dll
    2006-12-04 22:04 466,944 --a------ C:\WINDOWS\system32\win309.dll
    2006-12-04 18:03 466,944 --a------ C:\WINDOWS\system32\win43035.dll
    2006-12-04 14:01 466,944 --a------ C:\WINDOWS\system32\win22491.dll
    2006-12-04 10:04 466,944 --a------ C:\WINDOWS\system32\win46240.dll
    2006-12-04 06:33 466,944 --a------ C:\WINDOWS\system32\win18548.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-09 19:18 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-09 19:18 -------- d-------- C:\Program Files\Kazaa
    2006-12-09 19:16 -------- d-------- C:\Program Files\SpywareBlaster
    2006-12-09 19:13 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-09 18:14 -------- d-------- C:\Program Files\dvd43
    2006-12-09 16:06 -------- d-------- C:\Program Files\Kazaa Lite Revolution
    2006-12-01 18:01 -------- d-------- C:\Program Files\Motorola Phone Tools
    2006-11-28 00:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-19 03:01 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-18 12:27 -------- d-------- C:\Documents and Settings\Gary\Application Data\Alibre Design
    2006-11-18 12:25 -------- d-------- C:\Program Files\Alibre Design
    2006-11-17 18:20 -------- d-------- C:\Program Files\BearShare Applications
    2006-11-17 18:16 -------- d-------- C:\Program Files\iTunes
    2006-11-17 18:16 -------- d-------- C:\Program Files\iPod
    2006-11-17 18:14 -------- d-------- C:\Program Files\QuickTime
    2006-11-17 18:12 -------- d-------- C:\Program Files\Apple Software Update
    2006-11-12 20:32 -------- d-------- C:\Program Files\Java
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-21 15:15 -------- d-------- C:\Program Files\Viewpoint
    2006-10-21 15:06 -------- d-------- C:\Program Files\HaxFix
    2006-10-21 07:45 -------- d-------- C:\Program Files\Common Files
    2006-10-15 14:04 -------- d-------- C:\Program Files\Grisoft
    2006-10-14 09:21 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-11 16:26 -------- d-------- C:\Program Files\Windows Defender
    2006-10-11 16:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-11 16:23 -------- d-------- C:\Documents and Settings\Gary\Application Data\Lavasoft
    2006-10-11 16:22 -------- d-------- C:\Program Files\Lavasoft
    2006-10-11 16:21 -------- d-------- C:\Program Files\MyGlobalSearch
    2006-09-22 18:57 7483 --a------ C:\clean.bat
    2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "RecordNow!"=""
    "NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
    "BGNewsAgent"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\BgNewsUI.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
    "eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
    "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
    "MULTIMEDIA KEYBOARD"="C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "P2P Networking"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Panda_cleaner"="C:\\WINDOWS\\system32\\ACTIVE~1\\pavdr.exe C:\\WINDOWS\\system32\\pavdr_actions.sys"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Ad-Aware SE Personal.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-12-09 19:20:57.00
    C:\ComboFix.txt ... 06-12-09 19:20
    C:\ComboFix2.txt ... 06-10-21 15:32
    C:\ComboFix3.txt ... 06-10-21 15:20
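The "Files Created" section of the ComboFix log above shows a family of 466,944-byte win*.dll files landing in system32 roughly every four hours, which is the pattern a dropper on a timer leaves. As an added example (not part of this thread, and not ComboFix's own code), the following Python parses lines in that log format and flags families of files that share a size and a filename template and were created at a near-constant interval; the embedded sample is a constructed subset of the log, and all function names are this example's own.

```python
"""Triage of a ComboFix "Files Created" listing (added example).

Groups files by (byte size, filename template with digit runs replaced
by '#') and reports groups created at a regular interval, the signature
of a component that writes a fresh randomly numbered copy on a timer.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed subset of the log above (the real listing has ~35 such lines);
# the last line is a directory entry in Find3M format to show size handling.
SAMPLE_LOG = r"""
2006-12-09 18:11 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2006-12-09 16:12 466,944 --a------ C:\WINDOWS\system32\win18110.dll
2006-12-09 16:09 23,552 --a------ C:\WINDOWS\system32\wmimgr32.dll
2006-12-09 12:02 466,944 --a------ C:\WINDOWS\system32\win33810.dll
2006-12-09 08:05 466,944 --a------ C:\WINDOWS\system32\win48372.dll
2006-12-09 04:03 466,944 --a------ C:\WINDOWS\system32\win59645.dll
2006-12-09 00:01 466,944 --a------ C:\WINDOWS\system32\win31461.dll
2006-12-08 20:00 -------- d-------- C:\Program Files\Example
"""

# date time size attrs path ; size is digits with thousands separators, or dashes for a directory
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def parse_created(text):
    """Parse ComboFix file-listing lines into dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banners, blank lines, anything that is not a listing line
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append({
            "ts": datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def name_template(path):
    """'win18110.dll' -> 'win#.dll' so randomly numbered siblings group together."""
    name = path.rsplit("\\", 1)[-1].lower()
    return re.sub(r"\d+", "#", name)


def find_periodic_families(entries, min_count=3, tolerance_min=15):
    """Return families (same size + template) whose creation times are evenly spaced.

    A family qualifies when every gap between consecutive creation times is
    within tolerance_min minutes of the median gap.
    """
    families = defaultdict(list)
    for e in entries:
        if e["size"] is None:
            continue  # directories carry no size and are not dropper artefacts here
        families[(e["size"], name_template(e["path"]))].append(e)

    hits = []
    for (size, template), members in families.items():
        if len(members) < min_count:
            continue
        times = sorted(m["ts"] for m in members)
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        period = statistics.median(gaps)
        if all(abs(g - period) <= tolerance_min for g in gaps):
            hits.append({
                "template": template,
                "size": size,
                "count": len(members),
                "period_minutes": period,
                "paths": [m["path"] for m in members],
            })
    return hits


if __name__ == "__main__":
    for hit in find_periodic_families(parse_created(SAMPLE_LOG)):
        print(f"{hit['count']} x {hit['template']} ({hit['size']} bytes), "
              f"created every ~{hit['period_minutes']:.0f} min")
        for p in hit["paths"]:
            print("   ", p)
```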
     
  16. 2006/12/09
    dirtydog43

    dirtydog43 Inactive Thread Starter

    Joined:
    2006/03/19
    Messages:
    66
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:36 PM, on 09/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\TEMP\winumlgkk¬.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\My Antispyware\HijackThis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128033660437
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h20179.www2.hp.com/psgna/caller/SysQuery.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\WINDOWS\TEMP\winumlgkk¬.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
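Among the O23 service entries in the log above, the one that stands out is a service with no publisher whose binary sits in C:\WINDOWS\TEMP under a name containing a non-ASCII character. As an added example (not part of this thread, and not HijackThis's own code), this Python parses O23 lines in the format shown and applies those checks, plus the "(file missing)" orphan check, to rank the entries; the sample is a subset of the O23 lines posted above, and the function names and reason strings are this example's own.

```python
"""Triage of HijackThis O23 (service) entries (added example).

Parses lines of the form
  O23 - Service: <display name> (<service name>) - <owner> - <path> [(file missing)]
and scores each service on cues a reviewer applies by eye.
"""
import re

# Subset of the O23 lines from the HJT log above, reproduced for the example.
SAMPLE_O23 = r"""
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\WINDOWS\TEMP\winumlgkk¬.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"
# Lazy display name, then an optional "(service name)" that may itself contain parentheses.
NAME_RE = re.compile(r"^(?P<display>.+?)(?: \((?P<short>.+)\))?$")


def parse_o23(line):
    """Split one O23 line into its fields; returns None for non-O23 lines."""
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a display name containing ' - ' still parses;
    # assumes the binary path itself contains no ' - ' sequence.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    names, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    m = NAME_RE.match(names)
    return {
        "display": m["display"],
        "short": m["short"] or m["display"],  # HJT omits the short name when equal
        "owner": owner,
        "path": path,
        "missing": missing,
    }


def flag_service(svc):
    """Return the list of review cues that apply to one parsed service."""
    reasons = []
    lower_path = svc["path"].lower()
    filename = svc["path"].rsplit("\\", 1)[-1]
    if "\\temp\\" in lower_path or lower_path.startswith("%temp%"):
        reasons.append("binary runs from a TEMP directory")
    if svc["owner"].lower() == "unknown owner":
        reasons.append("no publisher information")
    if any(ord(c) > 127 for c in filename):
        reasons.append("non-ASCII character in file name")
    if svc["missing"]:
        reasons.append("binary missing (orphaned service entry)")
    return reasons


def triage(text):
    """Parse every O23 line in text and return services, most suspicious first."""
    results = []
    for line in text.splitlines():
        svc = parse_o23(line.strip())
        if svc:
            svc["reasons"] = flag_service(svc)
            results.append(svc)
    results.sort(key=lambda s: len(s["reasons"]), reverse=True)  # stable sort
    return results


if __name__ == "__main__":
    for svc in triage(SAMPLE_O23):
        marker = "!!" if svc["reasons"] else "  "
        print(f"{marker} {svc['short']:<28} {svc['owner']:<22} {svc['path']}")
        for r in svc["reasons"]:
            print(f"      - {r}")
```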
     
  17. 2006/12/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, let's see how things work out.

    Below you will find my results and recommendations from your HijackThis! log file analysis. Please read ALL instructions carefully BEFORE proceeding.


    We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Open Windows Defender.
    • Click on Tools, General Settings.
    • Scroll down and uncheck Turn on real-time protection (recommended).
    • After you uncheck this, click on the Save button and close Windows Defender.

    After all of the fixes are complete it is very important that you re-enable Real-time Protection again.


    First thing we need to do is stop the Windows Network Service service:
    Go to: Start > Run > type "services.msc", then click OK

    When the Services window appears scroll down to the Windows Network Service service.

    Click it to highlight it, then <right-click> and select: Properties
    Select and set "Service Status" option to "Stop"
    Select "Startup type" and set it to "Disabled", click Apply, then OK.


    Access your Add or Remove Programs Control Panel by hitting your [Start] button, select Control Panel and click on 'Add or Remove Programs'. Then find the following programs and click the [Change|Remove] button for each, if they are listed:
    BearShare
    Kazaa (Lite too)
    Viewpoint


    Please hit the 'Ctrl' key + 'Alt' key + 'Delete' key to bring up the Task Manager and select the 'Processes' tab. Then find, highlight and select 'End Task' on the following process(es) if present:
    C:\WINDOWS\TEMP\winumlgkk¬.exe


    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\win18110.dll
    C:\WINDOWS\system32\wmimgr32.dll
    C:\WINDOWS\system32\win33810.dll
    C:\WINDOWS\system32\win48372.dll
    C:\WINDOWS\system32\win59645.dll
    C:\WINDOWS\system32\win31461.dll
    C:\WINDOWS\system32\win10698.dll
    C:\WINDOWS\system32\win27776.dll
    C:\WINDOWS\system32\win1654.dll
    C:\WINDOWS\system32\win43005.dll
    C:\WINDOWS\system32\win62458.dll
    C:\WINDOWS\system32\win42086.dll
    C:\WINDOWS\system32\win22370.dll
    C:\WINDOWS\system32\win40260.dll
    C:\WINDOWS\system32\win19106.dll
    C:\WINDOWS\system32\win58114.dll
    C:\WINDOWS\system32\win15359.dll
    C:\WINDOWS\system32\win56663.dll
    C:\WINDOWS\system32\win35494.dll
    C:\WINDOWS\system32\win54931.dll
    C:\WINDOWS\system32\win31247.dll
    C:\WINDOWS\system32\win10140.dll
    C:\WINDOWS\system32\win36546.dll
    C:\WINDOWS\system32\win17564.dll
    C:\WINDOWS\system32\win58525.dll
    C:\WINDOWS\system32\win10957.dll
    C:\WINDOWS\system32\win53699.dll
    C:\WINDOWS\system32\win52749.dll
    C:\WINDOWS\system32\win309.dll
    C:\WINDOWS\system32\win43035.dll
    C:\WINDOWS\system32\win22491.dll
    C:\WINDOWS\system32\win46240.dll
    C:\WINDOWS\system32\win18548.dll
    C:\WINDOWS\TEMP\winumlgkk¬.exe


    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.


    Do not reboot yet.


    Open HijackThis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have no IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...ge=about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...ge=about:blank


    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)


    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART


    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


    O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\WINDOWS\TEMP\winumlgkk¬.exe



    Reboot and run ComboFix first, then HJT and post both logs back into this thread.
     
  18. 2006/12/10
    dirtydog43

    dirtydog43 Inactive Thread Starter

    Joined:
    2006/03/19
    Messages:
    66
    Likes Received:
    0
    I started doing the stuff on the list and I ran into a problem. When I went to uninstall Kazaa, it says

    "An error has ocurred. Please close all running programs, empty the temp folder and check your internet connection."

    I think I get this message because the Kazaa website is down so it is unable to access it to uninstall the program. Do I proceed anyway?
     
  19. 2006/12/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Yes, please do. And it's likely this is a preventative uninstall tactic more than anything else.
     
  20. 2006/12/10
    dirtydog43

    dirtydog43 Inactive Thread Starter

    Joined:
    2006/03/19
    Messages:
    66
    Likes Received:
    0
    There was no entry labelled "O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\WINDOWS\TEMP\winumlgkk¬.exe" in HJT

    Gary - 06-12-10 11:20:54.96 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\My Antispyware"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\CURITY~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\ICROSO~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1\arpa.exe
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1\W?nSxS
    C:\QooBox\Purity\Program Files\Common Files\FNTS~1
    C:\QooBox\Purity\WINDOWS\MCROSO~1
    C:\QooBox\Purity\WINDOWS\YMANTE~1
    C:\QooBox\Purity\WINDOWS\system32\CURITY~1
    C:\QooBox\Purity\WINDOWS\system32\FNTS~1
    C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
    C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
    C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
    C:\QooBox\Purity\WINDOWS\system32\SKS~1
    C:\QooBox\Purity\WINDOWS\system32\STEM32~1
    C:\QooBox\Purity\WINDOWS\system32\STEM~1
    C:\QooBox\Purity\WINDOWS\system32\WNSXS~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))


    2006-12-10 11:19 23,552 --a------ C:\WINDOWS\system32\wmimgr32.dll
    2006-12-10 10:02 466,944 --a------ C:\WINDOWS\system32\win28720.dll
    2006-12-09 20:03 466,944 --a------ C:\WINDOWS\system32\win15806.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-10 11:08 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-09 21:44 -------- d-------- C:\Program Files\LimeWire
    2006-12-09 19:18 -------- d-------- C:\Program Files\Kazaa
    2006-12-09 19:16 -------- d-------- C:\Program Files\SpywareBlaster
    2006-12-09 19:13 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-09 18:14 -------- d-------- C:\Program Files\dvd43
    2006-12-09 16:06 -------- d-------- C:\Program Files\Kazaa Lite Revolution
    2006-12-01 18:01 -------- d-------- C:\Program Files\Motorola Phone Tools
    2006-11-28 00:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-19 03:01 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-18 12:27 -------- d-------- C:\Documents and Settings\Gary\Application Data\Alibre Design
    2006-11-18 12:25 -------- d-------- C:\Program Files\Alibre Design
    2006-11-17 18:20 -------- d-------- C:\Program Files\BearShare Applications
    2006-11-17 18:16 -------- d-------- C:\Program Files\iTunes
    2006-11-17 18:16 -------- d-------- C:\Program Files\iPod
    2006-11-17 18:14 -------- d-------- C:\Program Files\QuickTime
    2006-11-17 18:12 -------- d-------- C:\Program Files\Apple Software Update
    2006-11-12 20:32 -------- d-------- C:\Program Files\Java
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-21 15:15 -------- d-------- C:\Program Files\Viewpoint
    2006-10-21 15:06 -------- d-------- C:\Program Files\HaxFix
    2006-10-21 07:45 -------- d-------- C:\Program Files\Common Files
    2006-10-15 14:04 -------- d-------- C:\Program Files\Grisoft
    2006-10-14 09:21 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-11 16:26 -------- d-------- C:\Program Files\Windows Defender
    2006-10-11 16:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-11 16:23 -------- d-------- C:\Documents and Settings\Gary\Application Data\Lavasoft
    2006-10-11 16:22 -------- d-------- C:\Program Files\Lavasoft
    2006-10-11 16:21 -------- d-------- C:\Program Files\MyGlobalSearch
    2006-09-22 18:57 7483 --a------ C:\clean.bat
    2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "RecordNow! "=" "
    "NVIEW "= "rundll32.exe nview.dll,nViewLoadHook "
    "BGNewsAgent "= "\ "C:\\Program Files\\BullGuard Software\\BullGuard\\BgNewsUI.exe\" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "UpdateManager "= "\ "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r "
    "Apoint "= "C:\\Program Files\\Apoint2K\\Apoint.exe "
    "AGRSMMSG "= "AGRSMMSG.exe "
    "NvCplDaemon "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup "
    "nwiz "= "nwiz.exe /install "
    "Cpqset "= "C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe "
    "eabconfg.cpl "= "C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start "
    "IntelliPoint "= "\ "C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\" "
    "MMTray "= "\ "C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\" "
    "SunJavaUpdateSched "= "\ "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\" "
    "MimBoot "= "C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe "
    "HP Software Update "= "\ "C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\" "
    "HP Component Manager "= "\ "C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\" "
    "dvd43 "= "C:\\Program Files\\dvd43\\dvd43_tray.exe "
    "MULTIMEDIA KEYBOARD "= "C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe "
    "Windows Defender "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "iTunesHelper "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE "= "C:\\WINDOWS\\System32\\CTFMON.EXE "
    "Symantec NetDriver Warning "= "C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe "

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall "=" "

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE "= "C:\\WINDOWS\\System32\\CTFMON.EXE "
    "Symantec NetDriver Warning "= "C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe "

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall "=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "= "Microsoft AntiMalware ShellExecuteHook "
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "AVG Anti-Spyware 7.5 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning "=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Ad-Aware SE Personal.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-12-10 11:22:36.03
    C:\ComboFix.txt ... 06-12-10 11:22
    C:\ComboFix2.txt ... 06-12-09 19:20
    C:\ComboFix3.txt ... 06-10-21 15:32
     
  21. 2006/12/10
    dirtydog43

    dirtydog43 Inactive Thread Starter

    Joined:
    2006/03/19
    Messages:
    66
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:57 AM, on 10/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\My Antispyware\HijackThis-1.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe "
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128033660437
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h20179.www2.hp.com/psgna/caller/SysQuery.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
